CN112395630A - Data encryption method and device based on information security, terminal equipment and medium - Google Patents

Publication number: CN112395630A
Authority: CN (China)
Legal status: Pending
Application number: CN202011353006.9A
Other languages: Chinese (zh)
Inventor: 顾佳页
Current Assignee: Ping An Puhui Enterprise Management Co Ltd
Original Assignee: Ping An Puhui Enterprise Management Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The application belongs to the technical field of information security and relates in particular to a data encryption method and device based on information security, terminal equipment and a medium. The method applies desensitization processing and differential privacy processing to the data to be encrypted, achieving local desensitization and local differential privacy of that data. The desensitized data and the differential-privacy-processed data are two different sets of data obtained with different privacy processing methods, and the two are not associated with each other. Even if the original data behind each set were obtained through corresponding reverse engineering, the two sets of original data would still not be associated, so the data to be encrypted cannot be accurately reconstructed from them. This improves the confidentiality of the data to be encrypted and prevents it from being leaked.

Description

Data encryption method and device based on information security, terminal equipment and medium
Technical Field
The present application belongs to the technical field of information security, and in particular, to a data encryption method and apparatus based on information security, a terminal device, and a medium.
Background
At present, cloud computing and mobile internet technologies and applications are maturing, and data sharing has become a major trend. At the same time, data security problems are increasingly severe: the most confidential or sensitive information, such as identity card numbers, mobile phone numbers, bank card numbers and other financial information, faces the risk of privacy disclosure. In the prior art, confidentiality is achieved by hiding part of the information; because its logic is simple, this method is easy to crack, so the confidentiality effect is poor.
Disclosure of Invention
The embodiments of the application provide a data encryption method and device based on information security, terminal equipment and a medium, which can solve the problem that existing data encryption performs poorly and easily leads to data leakage.
In a first aspect, an embodiment of the present application provides a data encryption method based on information security, where the data encryption method includes:
acquiring data to be encrypted;
analyzing the data to be encrypted to determine a field list of the data to be encrypted;
acquiring a target field and a non-target field in the field list;
desensitizing the data of the target field in the data to be encrypted to obtain desensitized data;
carrying out differential privacy processing on the data of the non-target field in the data to be encrypted to obtain data subjected to differential privacy processing;
and merging the desensitized data and the data subjected to the differential privacy processing to obtain encrypted data.
In a second aspect, an embodiment of the present application provides a data encryption apparatus based on information security, where the data encryption apparatus includes:
the resource packet acquisition module is used for acquiring data to be encrypted;
the list acquisition module is used for analyzing the data to be encrypted to determine a field list of the data to be encrypted;
the field acquisition module is used for acquiring a target field and a non-target field in the field list;
a desensitization data module, configured to perform desensitization processing on the data of the target field in the data to be encrypted to obtain desensitized data;
the noise data module is used for carrying out differential privacy processing on the data of the non-target field in the data to be encrypted to obtain data subjected to differential privacy processing;
and the encrypted data module is used for merging the desensitized data and the data subjected to the differential privacy processing to obtain encrypted data.
In a third aspect, an embodiment of the present application provides a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the data encryption method according to the first aspect is implemented.
In a fourth aspect, the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the data encryption method according to the first aspect.
In a fifth aspect, an embodiment of the present application provides a computer program product, which, when running on a terminal device, causes the terminal device to execute the data encryption method according to the first aspect.
Compared with the prior art, the embodiments of the application have the following advantages. Desensitization processing and differential privacy processing are applied to the data to be encrypted, achieving local desensitization and local differential privacy of that data. The desensitized data and the differential-privacy-processed data are two different sets of data obtained with different privacy processing methods, and the two are not related to each other. Even if the original data behind each set were obtained through corresponding reverse engineering, the two sets of original data would still not be related, so the data to be encrypted cannot be accurately reconstructed from them. This improves the confidentiality of the data to be encrypted and prevents it from leaking.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic flowchart of a data encryption method based on information security according to an embodiment of the present application;
Fig. 2 is a schematic content diagram of data to be encrypted according to an embodiment of the present application;
Fig. 3 is a schematic content diagram of encrypted data provided in an embodiment of the present application;
Fig. 4 is a schematic flowchart of a data encryption method based on information security according to a second embodiment of the present application;
Fig. 5 is a schematic structural diagram of a data encryption device based on information security according to a third embodiment of the present application;
Fig. 6 is a schematic structural diagram of a terminal device according to a fourth embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted contextually to mean "upon determining", "in response to determining", "upon detecting [described condition or event]" or "in response to detecting [described condition or event]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
The data encryption method based on information security provided by the embodiments of the application can be applied to terminal devices such as a palmtop computer, a desktop computer, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a cloud server or a personal digital assistant (PDA). A database is provided in the terminal device, and the data encryption method is run when a transaction accesses the database. The database may be an in-memory database. The embodiments of the application do not limit the specific type of the terminal device.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In order to explain the technical solution described in the present application, the following description will be given by way of specific examples.
Referring to Fig. 1, a schematic flowchart of a data encryption method based on information security according to an embodiment of the present application is shown. The data encryption method may be used in a terminal device and, as shown in the figure, may include the following steps:
Step S101, obtaining data to be encrypted.
The data to be encrypted may include field names, each with corresponding data. For example, if the field name is "arrears" and the data corresponding to the "arrears" field is 4000 (a numerical value), the "arrears" field and 4000 together constitute the data to be encrypted. Field names may be used to distinguish different types of data. The data to be encrypted may be asset package data, which includes personal data corresponding to personal-information fields and asset data corresponding to asset-information fields. The data to be encrypted may be stored in a server: the terminal device connects to the server and sends it a data acquisition instruction, and the server, on receiving the instruction, sends the corresponding data to be encrypted to the terminal device. The data to be encrypted may of course also be stored in the terminal device, in which case the terminal device can call it directly when running the data encryption method.
Step S102, analyzing the data to be encrypted to determine a field list of the data to be encrypted.
The field list may refer to all field names in the asset package data. Analyzing the data to be encrypted may mean analyzing the length and type of the characters in it, determining from the length and type which characters represent field names, and extracting the corresponding field names. For example, if certain characters correspond to "client name", their type is text and their length is 8 bytes, a preset rule identifies them as a field name, so "client name" is extracted as a field in the field list.
If the data to be encrypted has a standard format, the field list may be obtained directly from that format. For example, as shown in Fig. 2, the data to be encrypted is table data with two rows: the first row holds the field names and the last row holds the data, and all the field names in the first row constitute the field list.
Optionally, analyzing the data to be encrypted to determine the field list of the data to be encrypted includes:
analyzing the data to be encrypted to obtain numerical data in the data to be encrypted;
and determining the field corresponding to the numerical data as the field in the field list of the data to be encrypted.
Each field in the data to be encrypted has a different meaning, so the type of data corresponding to each field differs. The data to be encrypted includes, but is not limited to, asset data, and most asset data is numerical; for example, for the field "asset amount" the corresponding data should be a numerical value. Identifying the numerical data in the data to be encrypted and extracting the corresponding fields into the field list therefore better ensures that the fields corresponding to asset data are listed, so that the corresponding asset data is encrypted.
Step S103, acquiring a target field and a non-target field in the field list.
The target field or the non-target field is predefined according to requirements. When the target field is predefined, the predefined target field includes N field names (that is, the number of predefined target fields is N), where N is an integer greater than zero. The target fields in the field list are the fields whose names are the same as a predefined target field name, and the non-target fields in the field list are the remaining fields. For example, if the predefined target fields are client name, gender, identity card number, mobile phone number, etc., and the field list is client name, identity card number, mobile phone number, age and arrears, then the target fields in the field list are client name, identity card number and mobile phone number, and the non-target fields are age and arrears. When the non-target field is predefined, the predefined non-target field includes M field names (that is, the number of predefined non-target fields is M), where M is an integer greater than zero. The non-target fields in the field list are the fields whose names are the same as a predefined non-target field name, and the target fields in the field list are the fields other than the non-target fields. Whether field names are the same can be determined by comparing their character lengths and character types. For example, if age and arrears are the predefined non-target fields and the field list is client name, identity card number, mobile phone number, age and arrears, then the non-target fields in the field list are age and arrears, and the target fields are client name, identity card number and mobile phone number.
Step S104, desensitizing the data of the target field in the data to be encrypted to obtain desensitized data.
Optionally, desensitizing the data of the target field in the data to be encrypted to obtain desensitized data includes:
obtaining desensitization rules of each field in the target field;
and performing desensitization treatment on the data of the corresponding field in the data to be encrypted according to the desensitization rule of each field to obtain the desensitized data.
Desensitization processing deforms sensitive data according to desensitization rules in order to protect it. The desensitization rules can be set according to actual requirements, and different types of sensitive data (that is, data with different field names) may use the same or different rules. The desensitized data is the data formed by the field name of the target field together with the data deformed according to the desensitization rule.
The desensitization rules include, but are not limited to, the desensitization replacement symbol, the desensitization region and the length. When there are at least two target fields, the data of all target fields must be desensitized, and the rules for different target fields may be the same or different. For example, the rule for the "identity card number" field is to keep the first three digits and replace the rest with the replacement symbol; the rule for the "mobile phone number" field is to keep the first three digits and replace the rest with the replacement symbol; and the rule for the "bank card number" field is to keep the first two digits and replace the rest with the replacement symbol.
Step S105, performing differential privacy processing on the data of the non-target field in the data to be encrypted to obtain the data after differential privacy processing.
Differential privacy processing removes individual features while keeping the statistical features of the original data. The statistical features may be, for example, the total amount of the original data and the number of original data items, and the individual features may be, for example, the value of a particular individual's data within the original data. In other words, a certain amount of noise is added to each individual's original data, without affecting the statistical result, so that the individual's original data is changed.
Differential privacy is generally implemented with the Laplace mechanism or the exponential mechanism; the present application does not limit the implementation mechanism.
Step S106, merging the desensitized data and the data after differential privacy processing to obtain encrypted data.
The desensitized data is one part of the data to be encrypted and the data after differential privacy processing is the other part; merging the two forms the complete data (i.e., the encrypted data). The format of the encrypted data is unchanged, but the data in it is encrypted; for example, Fig. 4 shows the encrypted form of the data to be encrypted in Fig. 2.
In this embodiment, desensitization processing and differential privacy processing are applied to the data to be encrypted, achieving local desensitization and local differential privacy of that data. The desensitized data and the differential-privacy-processed data are two different sets of data obtained with different privacy processing methods, and there is no association between them. Even if the original data behind each set were obtained through corresponding reverse engineering, the two sets of original data would still not be associated, so the data to be encrypted cannot be accurately reconstructed from them. This improves the confidentiality of the data to be encrypted and avoids its leakage.
Referring to Fig. 4, a schematic flowchart of a data encryption method based on information security according to a second embodiment of the present application is shown. The data encryption method may be used in a terminal device and, as shown in the figure, may include the following steps:
Step S401, obtaining data to be encrypted.
Step S402, analyzing the data to be encrypted to determine a field list of the data to be encrypted.
Step S403, acquiring a target field and a non-target field in the field list.
Step S404, desensitizing the data of the target field in the data to be encrypted to obtain desensitized data.
The contents of steps S401 to S404 are the same as those of steps S101 to S104; reference may be made to the descriptions of steps S101 to S106, which are not repeated here.
Step S405, obtaining Laplace noise corresponding to the non-target field.
The Laplace noise may be the noise generated when differential privacy uses the Laplace mechanism; that is, the Laplace noise is random noise that follows the Laplace distribution. Because Laplace noise is a numerical quantity, the data in the non-target fields in this embodiment should be numerical data; that is, when the target field and the non-target field are predefined, fields corresponding to non-numerical data can be excluded from the non-target fields as required.
The Laplace noise may be preset data stored in the server: the terminal device sends a field noise acquisition instruction to the server, and the server, on receiving the instruction, sends the Laplace noise of the field to the terminal device.
Optionally, obtaining the Laplace noise corresponding to the non-target field includes:
obtaining the Laplace parameters corresponding to the non-target field;
and generating the Laplace noise corresponding to the non-target field according to the Laplace parameters corresponding to the non-target field.
The Laplace noise is calculated from Laplace parameters, which may refer to a location parameter and a scale parameter; random noise generated from them follows the Laplace distribution with that location and scale. The values of the location and scale parameters can be set as required, for example with reference to the values of the numerical data: if the numerical data is 4000 yuan, the location and scale parameters may be set so that the generated Laplace noise is between 1 yuan and 100 yuan.
When the field list includes at least two non-target fields, the Laplace parameters of different non-target fields may be the same. However, because each non-target field has a different meaning and represents different data, and two non-target fields may be completely unrelated, the Laplace parameters corresponding to different non-target fields may also differ, so as to meet each field's noise requirements.
For example, suppose the field list includes client name, identity card, mobile phone number, bank card number, age, length of service and arrears; the target fields are client name, identity card, mobile phone number and bank card number, and the non-target fields are age, length of service and arrears. The age field and the arrears field are only weakly correlated; the data in the age field is small in magnitude and the data in the arrears field is large. Laplace noise of small magnitude is obtained from the Laplace parameters of the age field and Laplace noise of large magnitude from those of the arrears field, so the Laplace parameters of the two fields may differ.
Optionally, obtaining the Laplace parameters corresponding to the non-target field includes:
obtaining the Laplace parameters corresponding to the non-target field from a non-target field table, where the non-target field table includes at least a mapping between the non-target field and its corresponding Laplace parameters;
or inputting the non-target field into a trained Laplace parameter acquisition model and obtaining the Laplace parameters corresponding to the non-target field that the model outputs.
The non-target field table contains at least one field and the Laplace parameters mapped to each field. All fields in the table are non-target fields, the Laplace parameters mapped to each field are determined by experience or requirements, and the table is stored in advance in the memory of a server or of the terminal device for the terminal device to call.
The Laplace parameters can be adjusted according to how much adding the Laplace noise changes the data. For example, in an asset evaluation stage, take a set of arrears amounts (data of the "arrears" field, at a given order of magnitude, where the orders of magnitude are yuan, jiao and fen). First calculate a first sum and/or a first average of the set. Then set the Laplace parameters to obtain Laplace noise, add the noise to the set, and calculate a second sum and/or a second average of the noisy set. Calculate the difference between the first sum and the second sum, or between the first average and the second average, and keep adjusting the Laplace parameter values until the difference between the sums, or the difference between the averages, is smaller than a difference threshold. The Laplace parameters at that point are the ones corresponding to the "arrears" field. The difference threshold is set according to the actual evaluation requirement and is not limited here.
In addition, the Laplace parameters corresponding to a non-target field can be obtained from a trained Laplace parameter acquisition model whose input is a field and whose output is Laplace parameters; that is, the non-target field is input into the trained model to obtain the Laplace parameters corresponding to that field.
Step S406, adding the data in the non-target field to the laplacian noise corresponding to the non-target field to obtain added data, and determining the added data as the data after the differential privacy processing.
The data obtained by adding corresponding laplacian noise to the data in the non-target field constitutes the data after the differential privacy processing together with the non-target field, for example, if the data in the "owing" field is 4000 and the corresponding laplacian noise is 5, the data 4005 after the addition and the "owing" field constitute the data after the differential privacy processing.
Step S407, merging the desensitized data and the differential privacy processed data to obtain encrypted data.
The content of step S407 is the same as that of step S106, and reference may be made to the description of step S106, which is not repeated herein.
According to this embodiment of the application, the differential privacy processing uses the Laplace mechanism to add Laplace noise to the data of the non-target fields. This suits data to be encrypted that consists largely of numerical data, can effectively avoid privacy disclosure, and gives a better effect.
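The parameter tuning described above for the debt amounts and the noise addition of step S406 can be sketched as follows. This is an added illustration, not code from the application: the sample amounts, the halving schedule, the averaging over repeated draws and the assumed value range of 0 to 10000 are all assumptions. It also reports the ε implied by the tuned parameter through the standard Laplace-mechanism relation ε = sensitivity / scale, which tuning by average difference alone does not constrain.

```python
import random
import statistics

# Constructed sample: one group of "debt" amounts (not data from the patent).
DEBT_AMOUNTS = [4000.0, 1250.0, 980.0, 7600.0, 3100.0, 560.0, 2200.0, 4900.0]

# Assumption: every amount is clipped to [0, 10000], so changing one record
# can move a released value by at most this much (its L1 sensitivity).
ASSUMED_RANGE = 10000.0


def laplace_noise(scale, rng):
    """One draw from Laplace(0, scale): the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def add_noise(values, scale, rng):
    """Step S406: add independent Laplace noise to every value of the field."""
    return [v + laplace_noise(scale, rng) for v in values]


def mean_shift(values, scale, rng, trials=400):
    """Estimate |second average - first average| over many noised copies.

    The description compares one noised copy; averaging over trials is an
    added choice so the tuning loop does not stop on a single lucky draw.
    """
    first_avg = statistics.fmean(values)
    shifts = [
        abs(statistics.fmean(add_noise(values, scale, rng)) - first_avg)
        for _ in range(trials)
    ]
    return statistics.fmean(shifts)


def calibrate_scale(values, threshold, start_scale, rng, shrink=0.5, max_rounds=40):
    """Shrink the Laplace parameter until the average moves less than threshold."""
    if not values or threshold <= 0 or start_scale <= 0:
        raise ValueError("need data, a positive threshold and a positive scale")
    scale = start_scale
    for _ in range(max_rounds):
        if mean_shift(values, scale, rng) < threshold:
            return scale
        scale *= shrink
    raise ValueError("no scale met the threshold within max_rounds")


def implied_epsilon(sensitivity, scale):
    """Privacy parameter of the Laplace mechanism: epsilon = sensitivity / scale."""
    return sensitivity / scale


if __name__ == "__main__":
    rng = random.Random(2020)  # fixed seed so the run is repeatable
    scale = calibrate_scale(DEBT_AMOUNTS, threshold=4.4, start_scale=1000.0, rng=rng)
    noised = add_noise(DEBT_AMOUNTS, scale, rng)
    print("tuned Laplace parameter:", scale)
    print("implied epsilon per value:", implied_epsilon(ASSUMED_RANGE, scale))
    for original, released in zip(DEBT_AMOUNTS, noised):
        print(f"debt {original:8.2f} -> {released:8.2f}")
```

With these constructed amounts the loop settles on a parameter of about 7.8, which for values ranging over 10000 corresponds to ε = 1280 per released value. A threshold chosen only for accuracy can therefore leave the noise too small to hide any individual amount.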
Fig. 5 shows a block diagram of a data encryption device based on information security according to the second embodiment of the present application, and for convenience of description, only the relevant parts of the second embodiment of the present application are shown.
Referring to fig. 5, the data encryption apparatus includes:
an asset pack acquisition module 51, configured to acquire data to be encrypted;
the list acquisition module 52 is configured to analyze the data to be encrypted to determine a field list of the data to be encrypted;
a field acquiring module 53, configured to acquire a target field and a non-target field in a field list;
a desensitization data module 54, configured to perform desensitization processing on data of a target field in the data to be encrypted to obtain desensitized data;
the noise data module 55 is configured to perform differential privacy processing on data of a non-target field in the data to be encrypted to obtain data after the differential privacy processing;
and the encrypted data module 56 is configured to combine the desensitized data and the data subjected to the differential privacy processing to obtain encrypted data.
Optionally, the noise data module 55 includes:
the noise acquisition unit is used for acquiring Laplace noise corresponding to the non-target field;
the addition processing unit is used for adding the data of the non-target field and the Laplace noise corresponding to the non-target field to obtain added data;
and the noise data determining unit is used for determining the added data as the data subjected to the differential privacy processing.
Optionally, the noise acquisition unit is specifically configured to:
obtaining Laplace parameters corresponding to non-target fields;
and generating Laplace noise corresponding to the non-target field according to the Laplace parameter corresponding to the non-target field.
Optionally, the obtaining the laplacian parameter corresponding to the non-target field includes:
obtaining Laplacian parameters corresponding to non-target fields from a non-target field table, wherein the non-target field table at least comprises a mapping relation between the Laplacian parameters corresponding to the non-target fields and the non-target fields;
or inputting the non-target field into the trained Laplacian parameter acquisition model to obtain the Laplacian parameter corresponding to the non-target field output by the Laplacian parameter acquisition model.
Optionally, laplacian parameters corresponding to different non-target fields are different.
Optionally, the desensitization data module 54 includes:
the rule obtaining unit is used for obtaining desensitization rules of each field in the target field;
and the desensitization processing unit is used for performing desensitization processing on the data of the corresponding field in the data to be encrypted according to the desensitization rule of each field to obtain the desensitized data.
Optionally, the list acquisition module 52 includes:
the numerical data acquisition unit is used for analyzing the data to be encrypted to acquire numerical data in the data to be encrypted;
and the list determining unit is used for determining the field corresponding to the numerical data as the field in the field list of the data to be encrypted.
It should be noted that, because the information interaction and execution processes between the modules are based on the same concept as the method embodiments of the present application, their specific functions and technical effects can be found in the method embodiments and are not described again here.
Fig. 6 is a schematic structural diagram of a terminal device according to a third embodiment of the present application. As shown in fig. 6, the terminal device 6 of this embodiment includes: at least one processor 60 (only one shown in fig. 6), a memory 61, and a computer program 62 stored in the memory 61 and executable on the at least one processor 60, the steps in any of the various information security-based data encryption method embodiments described above being implemented when the computer program 62 is executed by the processor 60.
The terminal device may include, but is not limited to, the processor 60 and the memory 61. Those skilled in the art will appreciate that fig. 6 is only an example of the terminal device 6 and does not limit it; the terminal device may include more or fewer components than those shown, combine some components, or use different components, such as an input/output device, a network access device, and the like; and for another example, the parts are required to be arranged in terminal equipment entities such as an RGB camera, a mechanical arm and the like.
The processor 60 may be a Central Processing Unit (CPU), or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 61 may in some embodiments be an internal storage unit of the terminal device 6, such as a hard disk or a memory of the terminal device 6. The memory 61 may also be an external storage device of the terminal device 6 in other embodiments, such as a plug-in hard disk provided on the terminal device 6, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 61 may also include both an internal storage unit of the terminal device 6 and an external storage device. The memory 61 is used for storing an operating system, an application program, a BootLoader (BootLoader), data, and other programs, such as program codes of a computer program. The memory 61 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium and can implement the steps of the embodiments of the methods described above when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. 
The computer readable medium may include at least: any entity or device capable of carrying computer program code, a recording medium, a computer memory, a Read-Only Memory (ROM), a Random-Access Memory (RAM), an electrical carrier signal, a telecommunications signal, and a software distribution medium, for example a USB flash drive, a removable hard disk, a magnetic disk or an optical disk. In certain jurisdictions, in accordance with legislation and patent practice, computer-readable media may not be an electrical carrier signal or a telecommunications signal.
When the computer program product runs on the terminal device, the steps in the method embodiments can be implemented when the terminal device executes the computer program product.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, a module or a unit may be divided into only one logical function, and may be implemented in other ways, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A data encryption method based on information security is characterized by comprising the following steps:
acquiring data to be encrypted;
analyzing the data to be encrypted to determine a field list of the data to be encrypted;
acquiring a target field and a non-target field in the field list;
desensitizing the data of the target field in the data to be encrypted to obtain desensitized data;
carrying out differential privacy processing on the data of the non-target field in the data to be encrypted to obtain data subjected to differential privacy processing;
and merging the desensitized data and the data subjected to the differential privacy processing to obtain encrypted data.
2. The data encryption method according to claim 1, wherein the performing differential privacy processing on the data in the non-target field in the data to be encrypted to obtain data after differential privacy processing includes:
acquiring Laplace noise corresponding to the non-target field;
adding the data of the non-target field and the Laplace noise corresponding to the non-target field to obtain added data;
and determining the added data as the data after the differential privacy processing.
3. The data encryption method of claim 2, wherein said obtaining the laplacian noise corresponding to the non-target field comprises:
obtaining a Laplace parameter corresponding to the non-target field;
and generating Laplace noise corresponding to the non-target field according to the Laplace parameter corresponding to the non-target field.
4. The data encryption method of claim 3, wherein said obtaining the Laplace parameter corresponding to the non-target field comprises:
obtaining Laplacian parameters corresponding to the non-target fields from a non-target field table, wherein the non-target field table at least comprises mapping relations between the non-target fields and the Laplacian parameters corresponding to the non-target fields;
or inputting the non-target field into a trained Laplacian parameter obtaining model, and obtaining the Laplacian parameter corresponding to the non-target field output by the Laplacian parameter obtaining model.
5. The data encryption method according to claim 1, wherein the desensitizing processing is performed on the data of the target field in the data to be encrypted, and obtaining the desensitized data comprises:
obtaining desensitization rules of each field in the target field;
and desensitizing the data of the corresponding field in the data to be encrypted according to the desensitization rule of each field to obtain desensitized data.
6. The data encryption method of any one of claims 1 to 5, wherein said analyzing said data to be encrypted to determine a field list of said data to be encrypted comprises:
analyzing the data to be encrypted to obtain numerical data in the data to be encrypted;
and determining the field corresponding to the numerical data as a field in the field list of the data to be encrypted.
7. A data encryption apparatus based on information security, characterized in that the data encryption apparatus comprises:
the resource packet acquisition module is used for acquiring data to be encrypted;
the list acquisition module is used for analyzing the data to be encrypted to determine a field list of the data to be encrypted;
the field acquisition module is used for acquiring a target field and a non-target field in the field list;
a desensitization data module, configured to perform desensitization processing on the data of the target field in the data to be encrypted to obtain desensitized data;
the noise data module is used for carrying out differential privacy processing on the data of the non-target field in the data to be encrypted to obtain data subjected to differential privacy processing;
and the encrypted data module is used for merging the desensitized data and the data subjected to the differential privacy processing to obtain encrypted data.
8. The data encryption device of claim 7, wherein the noise data module comprises:
the noise obtaining unit is used for obtaining Laplace noise corresponding to the non-target field;
the addition processing unit is used for adding the data of the non-target field and the Laplace noise corresponding to the non-target field to obtain added data;
and the noise data determining unit is used for determining the added data as the data subjected to the differential privacy processing.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the data encryption method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements a data encryption method according to any one of claims 1 to 7.
CN202011353006.9A 2020-11-26 2020-11-26 Data encryption method and device based on information security, terminal equipment and medium Pending CN112395630A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011353006.9A CN112395630A (en) 2020-11-26 2020-11-26 Data encryption method and device based on information security, terminal equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011353006.9A CN112395630A (en) 2020-11-26 2020-11-26 Data encryption method and device based on information security, terminal equipment and medium

Publications (1)

Publication Number Publication Date
CN112395630A true CN112395630A (en) 2021-02-23

Family

ID=74604573

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011353006.9A Pending CN112395630A (en) 2020-11-26 2020-11-26 Data encryption method and device based on information security, terminal equipment and medium

Country Status (1)

Country Link
CN (1) CN112395630A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination